Jonas Juselius
29 lines
770 B
YAML
29 lines
770 B
YAML
apiVersion: cilium.io/v2
|
|
kind: CiliumClusterwideNetworkPolicy
|
|
metadata:
|
|
name: allow-namespace-traffic
|
|
spec:
|
|
description: "Allow all traffic within a namespace, allow dns, allow egress to all entities in cluster"
|
|
endpointSelector: {}
|
|
ingress:
|
|
- fromEndpoints:
|
|
- matchExpressions:
|
|
- key: io.kubernetes.pod.namespace
|
|
operator: Exists
|
|
egress:
|
|
- toEndpoints:
|
|
- matchExpressions:
|
|
- key: io.kubernetes.pod.namespace
|
|
operator: Exists
|
|
- toEndpoints:
|
|
- matchLabels:
|
|
io.kubernetes.pod.namespace: kube-system
|
|
k8s-app: kube-dns
|
|
toPorts:
|
|
- ports:
|
|
- port: "53"
|
|
protocol: UDP
|
|
rules:
|
|
dns:
|
|
- matchPattern: "*"
|